1. Technical Field
The present invention relates generally to management of trust services among participants in a federated environment.
2. Background of the Related Art
Federated environments are known in the art. U.S. Publication No. 2006/0021018, filed Jul. 21, 2004, is representative. A federation is a set of distinct entities, such as enterprises, organizations, institutions, or the like, that cooperate to provide a single-sign-on, ease-of-use experience to a user. A federated environment differs from a typical single-sign-on environment in that two enterprises need not have a direct, pre-established relationship defining how and what information to transfer about a user. Within a federated environment, entities provide services that deal with authenticating users, accepting authentication assertions (e.g., authentication tokens) that are presented by other entities, and providing some form of translation of the identity of the vouched-for user into one that is understood within the local entity. Federation eases the administrative burden on service providers. A service provider can rely on its trust relationships with respect to the federation as a whole. The service provider does not need to manage authentication information, such as user password information, because it can rely on authentication that is accomplished by a user's authentication home domain or an identity provider.
Federation relationships are built on trust relationships between business partners. A trust relationship is represented by the combination of the security tokens that are used to exchange information about a user, the cryptographic information used to protect these security tokens (and the communications used to broker token exchanges), and, optionally, identity mapping rules applied to the information contained within these tokens. A trust service provides management of this overall trust relationship, including the binding of a trust relationship to a particular partner.
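As an added illustration of the trust relationship described above (example code written for this page, not the patent's own design), the following shows a service provider that binds a key and an identity mapping rule to each federation partner, accepts an authentication assertion only if it verifies under that partner's key and is within its validity window, and then translates the asserted identity into a local one. The compact token format, the HMAC-based signing, the partner names, the shared keys and the mapping rules are all constructed assumptions; a real deployment would use the federation's agreed token profile and cryptographic material.

```python
import base64
import hashlib
import hmac
import json


def _b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_assertion(issuer, subject, key, now, ttl=300):
    """Identity-provider side: sign a compact assertion with the key shared with this partner.
    Constructed format: base64url(JSON claims) '.' base64url(HMAC-SHA256 over the claims)."""
    claims = {"iss": issuer, "sub": subject, "iat": now, "exp": now + ttl}
    payload = _b64url_encode(json.dumps(claims, sort_keys=True).encode())
    sig = hmac.new(key, payload.encode(), hashlib.sha256).digest()
    return payload + "." + _b64url_encode(sig)


class TrustService:
    """Service-provider side: one trust relationship (key + mapping rule) per federation partner."""

    def __init__(self):
        self._partners = {}  # issuer -> {"key": bytes, "mapping": callable}

    def register_partner(self, issuer, key, mapping):
        # Binding the trust relationship to a particular partner.
        self._partners[issuer] = {"key": key, "mapping": mapping}

    def accept(self, token, now):
        """Return the local identity for a presented assertion, or None if it is not trusted."""
        try:
            payload_b64, sig_b64 = token.split(".")
            claims = json.loads(_b64url_decode(payload_b64))
            sig = _b64url_decode(sig_b64)
        except ValueError:  # malformed token, bad base64 or bad JSON
            return None
        if not isinstance(claims, dict):
            return None
        partner = self._partners.get(claims.get("iss"))
        if partner is None:
            return None  # issuer is not a federation partner we trust
        expected = hmac.new(partner["key"], payload_b64.encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, sig):
            return None  # token was not protected with this partner's key
        iat, exp = claims.get("iat"), claims.get("exp")
        if not (isinstance(iat, int) and isinstance(exp, int) and iat <= now < exp):
            return None  # stale, not-yet-valid or missing validity window
        sub = claims.get("sub")
        if not isinstance(sub, str):
            return None
        return partner["mapping"](sub)  # translate the vouched-for identity into a local one


def demo():
    """Exercise the trust service with constructed partners and tokens."""
    ts = TrustService()
    key_a = b"constructed-shared-key-partner-a"
    key_b = b"constructed-shared-key-partner-b"
    # Partner A: identities are namespaced; partner B: identities are looked up in a local directory.
    ts.register_partner("https://idp.partner-a.example", key_a, lambda s: "a/" + s)
    directory_b = {"bob": "local-bob"}
    ts.register_partner("https://idp.partner-b.example", key_b, lambda s: directory_b.get(s))

    now = 1_000_000
    good = issue_assertion("https://idp.partner-a.example", "alice", key_a, now)
    unknown = issue_assertion("https://idp.stranger.example", "alice", key_a, now)
    wrong_key = issue_assertion("https://idp.partner-a.example", "alice", key_b, now)
    bob = issue_assertion("https://idp.partner-b.example", "bob", key_b, now)
    # Re-use a valid signature over altered claims: must be rejected.
    _, sig = good.split(".")
    altered = {"iss": "https://idp.partner-a.example", "sub": "admin", "iat": now, "exp": now + 300}
    tampered = _b64url_encode(json.dumps(altered, sort_keys=True).encode()) + "." + sig

    return {
        "accepted": ts.accept(good, now + 60),
        "expired": ts.accept(good, now + 600),
        "unknown_issuer": ts.accept(unknown, now + 60),
        "wrong_key": ts.accept(wrong_key, now + 60),
        "tampered": ts.accept(tampered, now + 60),
        "mapped_by_directory": ts.accept(bob, now + 60),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The point of the example is that the service provider never sees a password: everything it decides comes from the partner binding (which key, which mapping rule) plus the integrity and freshness of the presented token, which is what the trust service manages.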